EnCyCriS 2025

This marks the 6th edition of the International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) at the ICSE conference.

For industrial critical systems, although the previous premises of increasing system interconnectivity, decentralization, and introduction of new, more intelligent technologies still hold true, there is an increased societal awareness with regards to cybersecurity. This has led to clearer regulation, sharper requirements, and higher expectations for industry. At the same time, the availability of readily deployable competence, methods, tools, and solutions is lacking, which should be considered a critical societal risk.

In the current international political climate, cyber security, and safety of critical infrastructures across industry, are more important than ever before. The EnCyCriS workshop facilitates discourse and discussion amongst researchers, practitioners, and students who are working on challenges and solutions related to industrial critical infrastructure. It has a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems, secure systems engineering, and attack detection and response mechanisms.

Previous editions

• EnCyCriS/SVM 2024 was co-located with ICSE 2024
• EnCyCriS 2023 was co-located with ICSE 2023.
• EnCyCriS 2022 was co-located with ICSE 2022.
• EnCyCriS 2021 was co-located with ICSE 2021.
• EnCyCriS 2020 was co-located with ICSE 2020.

Call for Papers

EnCyCriS invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical software-based systems on the following topics:

• Practical safety and security co-engineering – challenges and solutions for critical infrastructure and industrial software-intensive systems.
• Threat and vulnerability identification and impact estimation to respond to adverse cyber events, using models, simulations, and digital twins.
• The role, impact, and unsolved challenges of human, technological and organizational participants in the cybersecurity of critical infrastructures and complex sociotechnical systems.
• Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.

Topics are not limited to those listed above; all relevant papers will be considered. We accept position, research, and industrial experience papers. We highly value industrial experience and lessons learned, including academic papers with industrially applied research artefacts. This workshop facilitates discourse and discussions among researchers, practitioners, and students who are working on challenges and solutions related to the 4th industrial revolution, with a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.

Submission

We accept submission of research papers of 8 pages maximum length as well as position papers & short papers of 4 to 6 pages length, and industry experiences and challenges papers of 4 to 6 pages. The paper format of the Workshop’s paper must follow the IEEE formatting guidelines. Paper Submission Webpage: https://encycris-2025.hotcrp.com/

With the aim of further strengthening the relevance of cybersecurity research for critical infrastructures, whilst being relevant and useful to industry, the following workshop research objectives are suggested:

• Integrated safety and security software engineering processes and methods for critical infrastructures that enable coordination among different stakeholders, including several teams and personnel with different competencies, and continuous integration of new and emerging technologies.
• Threat landscape for digital systems’ software in critical infrastructure and the modelling of cyber-attack scenarios for digital systems’ architecture and inter-dependencies. This includes accurate software architecture design model specifications that facilitate cybersecurity and Reliability, Availability, Maintainability and Safety (RAMS) assessment. Models should support effective communication of threats, vulnerabilities, risks, and potential mitigations to relevant stakeholders to support decision-making.
• The role and impact of black and grey-box technologies such as AI, machine-learning algorithms, off-the-shelf components (COTS), and supply chain elements, including third party services, on the cybersecurity of critical infrastructures. How do we estimate and handle the vulnerabilities potentially introduced by black-box technologies to achieve and maintain acceptable levels of risk throughout the life cycle of software, components, systems and solutions? How do we enable and empower stakeholders to address emerging threats and developing vulnerabilities more dynamically, with the aim of achieving greater resilience?
• The applications of digital twins, Artificial Intelligence (AI), Hardware-In-the-Loop test beds, simulators and/or emulators, and algorithms developed for cyber security purposes in critical infrastructures, especially to understand the consequences of a cyber-attack at an overall system level. Evaluate the effectiveness of the risk models, detection and response tools, and/or methods developed.
• The impact and importance of human factors in critical infrastructures systems and software development and operations, throughout the lifecycle of critical systems. How to prepare stakeholders such as developers, system operators and organizations to best handle unforeseen and unpredictable adverse cyber situations and events? How to overcome shortcomings in existing tools, methods, competence, and standards and regulations when planning and implementing cyber security response mechanisms and solutions.

The workshop topical areas

• Practical safety and security co-engineering - challenges and solutions for critical infrastructure and industrial software-intensive systems.
• Threat and vulnerability identification and impact estimation for response of cyber effects on software and hardware of critical infrastructures using models, simulations, and digital twins.
• The role, impact, and unsolved challenges of human, technology and organization in cybersecurity of critical infrastructures and complex socio-technical systems.
• Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.

The topics given above serve as guidance for the focus of the workshop and should not be seen as absolute. Adaptations to the workshop may be expected depending on the paper contributions and participants’ profiles.